Skip to content

What To Expect From Your Incydr Rollout

We’re often asked what deploying Incydr involves. 

To get you answers, we sat down with the head of Code42’s Professional Services team, Amanda Brock, to address some of the most common questions, concerns and misunderstandings when it comes to deploying Incydr.

What should customers expect when it comes to deploying Incydr?

It’s a lot less resource-intensive than what they’re probably thinking. At least that’s what we hear from customers after we’re done deploying. Compared to other data protection solutions, Incydr deployments take a lot less time and require fewer internal resources from our customers.

Part of the reason is the product: Incydr has an ultra-lightweight endpoint agent, and we have no problem deploying it out to hundreds of devices within minutes. And it’s a cloud-based management console, so there’s nothing else to install or deploy. The product is designed to work right out of the box, with pre-built integrations. There is no need to write policies for everything that you want to define as good or bad in your environment. With Incydr, those rules are automatically set up, and the product gives you plenty of info right out of the box.

Rollout is really about refining alerts and customizing it to fit your organization’s needs. Best part: We do most of that customization work with you.

You’ll get a dedicated professional services team, and the rollout is led by the same person that did your proof-of-value (POV). Because of this consistency, the process is very efficient. We leave you with a  finely tuned environment to give you the most value without burdensome maintenance.

How much time does Incydr rollout require?

We can get it done in five days or less — all remotely. Our ProStart methodology has five stages. Customers can choose to do it in five or 10 days. And either way, it’s a max of 20 hours. Our team walks the customer through the whole process and any prerequisite information that may be needed.

Who needs to be involved?

We recommend engagement from the project’s executive sponsor and representatives from the identity management team, deployment or IT administrators, cloud services administrators, ecosystem or automation administrators, and an Insider Risk Management team if you  have one. These members are only needed briefly for specific pieces of the rollout.

We know that everyone’s running a skeleton crew these days and that deployment can’t become your full-time job. The ProStart process is about Code42 doing as much pre-work as possible, limiting meetings and only including your team where absolutely necessary to reduce your burden. We like to say we’ve created a streamlined car wash methodology: Get it done, do it right, every time — in a limited timeframe.

What does the ProStart Process look like?

There are five distinct stages. Each stage is structured to efficiently utilize our time working with each department, and all meetings can be conducted remotely:

  1. Kickoff and Initial Set-Up: This first stage is really just a meeting that takes about an hour. We talk about the process and what to expect at each step. And then on our end, we’re doing the initial setup for agent deployment.
  2. Agent Deployment: Here, we’re deploying the Incydr endpoint agent to all your devices. We can mass deploy out to Windows, Mac OS, and Linux machines in minutes using industry standard MDM tools.
  3. Ecosystem and Integrations: Once the agent is deployed on all your devices, we’re setting up automation and detectors in your ecosystem. Whether that’s OneDrive, Google, Salesforce, etc. We’re setting it up and determining who should be in-scope based on user groups, licenses, etc. We also set up workflows in this stage and advise  your team on best practices, such as how to triage alerts to avoid the alert fatigue that’s all too common with many security tools.
  4. Incydr Product Training: Now, we’re getting into the nitty-gritty of training your team how to effectively and most efficiently use Incydr. For example, we do a whole Day in the Life of an Analyst, where we go through how to navigate the dashboard, how to monitor alerts and risk signals, how to investigate and find the information you need. We show your team how to use Incydr to enable a trust-but-verify approach.
  5. Wrap-Up and Sign-Off: Once training is done, the final stage is about fine-tuning and providing recommendations for optimization. We look at the alerts and signals that you’re getting in your environment, and see how we can make tweaks to alerts and risk scoring to show you more of what you care about and less of what you don’t.

What work needs to be done to take an environment from POV to full production?

The purpose of the POV is to demonstrate Incydr’s out-of-the-box capabilities using your own environment. The ProStart process is about setting the customer up for scalability and broader success. We take the production environment from POV and expand to the full user base and refine configurations. We train your team on best practices, and we do this all in no more than 20 hours of your time.

For more information on Incydr deployment, including tech specs, software and system requirements, FAQs, and more, visit

You might also like: